From: David Woodhouse Date: Fri, 8 Jul 2016 19:47:42 +0000 (+0100) Subject: Fix ossl_statem_client_max_message_size() for DTLS1_BAD_VER X-Git-Tag: OpenSSL_1_1_0~275 X-Git-Url: https://git.librecmc.org/?a=commitdiff_plain;h=e6027420b7124d6196ccff391063a6626b1fab62;p=oweals%2Fopenssl.git Fix ossl_statem_client_max_message_size() for DTLS1_BAD_VER The Change Cipher Spec message in this ancient pre-standard version of DTLS that Cisco are unfortunately still using in their products, is 3 bytes. Allow it. Reviewed-by: Rich Salz Reviewed-by: Matt Caswell --- diff --git a/ssl/statem/statem_clnt.c b/ssl/statem/statem_clnt.c index 9d4af3ab00..df19211b55 100644 --- a/ssl/statem/statem_clnt.c +++ b/ssl/statem/statem_clnt.c @@ -589,6 +589,8 @@ unsigned long ossl_statem_client_max_message_size(SSL *s) return SERVER_HELLO_DONE_MAX_LENGTH; case TLS_ST_CR_CHANGE: + if (s->version == DTLS1_BAD_VER) + return 3; return CCS_MAX_LENGTH; case TLS_ST_CR_SESSION_TICKET:
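Review bot: In the `TLS_ST_CR_CHANGE` case the new early return uses a bare literal `3`, while every other return visible in this hunk uses a named limit (`SERVER_HELLO_DONE_MAX_LENGTH`, `CCS_MAX_LENGTH`). The reason for the value lives only in the commit message, so a later reader of `ossl_statem_client_max_message_size()` sees an unexplained size limit guarding a handshake message. Consider defining a named constant next to `CCS_MAX_LENGTH` for the `DTLS1_BAD_VER` Change Cipher Spec length and adding a one-line comment above the `if (s->version == DTLS1_BAD_VER)` check stating that this pre-standard DTLS version sends a 3-byte Change Cipher Spec.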